Network Working Group
Request for Comments: 5575
Category: Standards Track

P. Marques, Cisco Systems
N. Sheth, Juniper Networks
R. Raszuk, Cisco Systems
B. Greene, Juniper Networks
J. Mauch, NTT America
D. McPherson, Arbor Networks

August 2009
Dissemination of Flow Specification Rules
Abstract
This document defines a new Border Gateway Protocol Network Layer
Reachability Information (BGP NLRI) encoding format that can be used
to distribute traffic flow specifications. This allows the routing
system to propagate information regarding more specific components of
the traffic aggregate defined by an IP destination prefix.
Additionally, it defines two applications of that encoding format:
one that can be used to automate inter-domain coordination of traffic
filtering, such as what is required in order to mitigate
(distributed) denial-of-service attacks, and a second application to
provide traffic filtering in the context of a BGP/MPLS VPN service.
The information is carried via the BGP, thereby reusing protocol
algorithms, operational experience, and administrative processes such
as inter-provider peering agreements.
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Marques, et al. Standards Track [Page 1]
RFC 5575 Flow Specification August 2009
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction ....................................................3
2. Definitions of Terms Used in This Memo ..........................5
3. Flow Specifications .............................................5
4. Dissemination of Information ....................................6
5. Traffic Filtering ..............................................12
5.1. Order of Traffic Filtering Rules ..........................13
6. Validation Procedure ...........................................14
7. Traffic Filtering Actions ......................................15
8. Traffic Filtering in BGP/MPLS VPN Networks .....................17
9. Monitoring .....................................................18
10. Security Considerations .......................................18
11. IANA Considerations ...........................................19
12. Acknowledgments ...............................................20
13. Normative References ..........................................21
1. Introduction
Modern IP routers contain both the capability to forward traffic
according to IP prefixes as well as to classify, shape, rate limit,
filter, or redirect packets based on administratively defined
policies.
These traffic policy mechanisms allow the router to define match
rules that operate on multiple fields of the packet header. Actions
such as the ones described above can be associated with each rule.
The n-tuple consisting of the matching criteria defines an aggregate
traffic flow specification. The matching criteria can include
elements such as source and destination address prefixes, IP
protocol, and transport protocol port numbers.
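As an added example that is not part of the RFC text, the following Python encodes such an n-tuple as a Flow Specification NLRI, using the component type codes (destination prefix = 1, source prefix = 2, IP protocol = 3, destination port = 5), the numeric operator octet and the NLRI length rule that Section 4 of this document defines. The sample rule (traffic to 192.0.2.0/24, UDP, destination port 53) is constructed for illustration and assumes IPv4 and equality matching only; a small decoder is included so the round trip can be checked.

```python
import ipaddress

# Component type codes from RFC 5575, Section 4 (only the ones used here).
DEST_PREFIX, SRC_PREFIX, IP_PROTOCOL, DEST_PORT = 1, 2, 3, 5

def encode_prefix(prefix):
    """Prefix component: 1 octet length in bits, then only the significant octets."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]

def encode_numeric(values):
    """Numeric component: {operator octet, value} pairs; eq-bit set, a-bit clear (OR),
    len field selects a 1/2/4/8-octet value, e-bit marks the last pair."""
    out = b""
    for i, v in enumerate(values):
        size = next(s for s in (1, 2, 4, 8) if v < 1 << (8 * s))
        op = 0x01 | ({1: 0, 2: 1, 4: 2, 8: 3}[size] << 4) | (0x80 if i == len(values) - 1 else 0)
        out += bytes([op]) + v.to_bytes(size, "big")
    return out

def encode_nlri(components):
    """Components in ascending type order behind the NLRI length: 1 octet if < 240,
    otherwise 2 octets with 0xF in the top nibble and a 12-bit length."""
    body = b"".join(bytes([t]) + enc for t, enc in sorted(components))
    return (bytes([len(body)]) if len(body) < 240 else (0xF000 | len(body)).to_bytes(2, "big")) + body

def decode_nlri(data):
    """Parse one NLRI back into (type, raw component bytes) tuples."""
    two = data[0] >= 0xF0
    length, pos = (int.from_bytes(data[:2], "big") & 0x0FFF, 2) if two else (data[0], 1)
    end, comps = pos + length, []
    while pos < end:
        ctype, start = data[pos], pos + 1
        pos = start
        if ctype in (DEST_PREFIX, SRC_PREFIX):
            pos += 1 + (data[pos] + 7) // 8          # length octet + prefix octets
        else:
            op = 0
            while not op & 0x80:                     # walk {op, value} pairs to the e-bit
                op = data[pos]
                pos += 1 + (1 << ((op >> 4) & 0x3))
        comps.append((ctype, data[start:pos]))
    return comps

def example_rule():
    """Constructed sample: traffic to 192.0.2.0/24, IP protocol 17 (UDP), destination port 53."""
    return encode_nlri([(DEST_PREFIX, encode_prefix("192.0.2.0/24")),
                        (IP_PROTOCOL, encode_numeric([17])),
                        (DEST_PORT, encode_numeric([53]))])
```

The encoder emits components in strict ascending type order, which is what a receiver expects when it compares and orders flow specifications.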
This document defines a general procedure to encode flow
specification rules for aggregated traffic flows so that they can be
distributed as a BGP [RFC4271] NLRI. Additionally, we define the